70850 matches found
Wavlink WL-WN570HA1 注入漏洞
The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the parameter “Username” in the function...
Wavlink WL-WN570HA1 注入漏洞
The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the setsyscmd function in the /cgi-bin/adm.cg...
Wavlink WL-WN570HA1 注入漏洞
The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the DDNS parameter in the function pingddns...
PT-2026-36695
Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists in the set sys cmd function within the '/cgi-bin/adm.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary commands by manipulating t...
PT-2026-36696
Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A remote command injection issue exists in the ping ddns function within the '/cgi-bin/adm.cgi' endpoint. Manipulating the DDNS argument allows an attacker to execute arbitrary comman...
Langflow 注入漏洞
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from a function in the component Full Builtins Module Handler: CodeParser.parsecallabledetails...
JD Cloud JDCOS 注入漏洞
JD Cloud JDCOS is a cloud object storage service provided by JD.com, a Chinese e-commerce company. The version JD Cloud JDCOS 4.5.1.r4518 contains a vulnerability due to an injection flaw in the Service Interface component. This flaw stems from the function setiptvinfo in the file/jdcap, which...
PT-2026-36722
Name of the Vulnerable Software and Affected Versions JD Cloud JDCOS version 4.5.1.r4518 Description A flaw in the Service Interface component allows remote command injection. The issue exists within the set iptv info function of the '/jdcap' file, where improper handling of the vid argument...
PT-2026-36687
A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...
PT-2026-38684
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0435 Description An OS command injection issue exists in the :find command-line completion. When the path option contains shell commands enclosed in backticks, these commands are executed during file name completion...
PT-2026-36685
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...
PT-2026-36690
Name of the Vulnerable Software and Affected Versions langflow-ai langflow versions prior to 1.8.5 Description A command injection issue exists in the Full Builtins Module Handler component. The problem resides in the CodeParser.parse callable details function within the file...
MiracleLinux 8 : python3.11-3.11.13-7.el8_10 (AXSA:2026-522:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-522:10 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
MiracleLinux 9 : python3.12-3.12.12-4.el9_7.3 (AXSA:2026-519:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-519:12 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
Arbitrary Command Injection
Overview mcp-server-rijksmuseum is a Affected versions of this package are vulnerable to Arbitrary Command Injection via the openimageinbrowser function. An attacker can execute arbitrary operating system commands by manipulating the imageUrl argument remotely. Remediation There is no fixed versi...
CVE-2026-7653
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-7653
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
EUVD-2026-26800
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...